Bug#540623: openssh-server: AllowAgentForwarding missing from list of allowed keywords in Match block in sshd_config
Package: openssh-server
Version: 1:5.1p1-6
Severity: minor

from sshd_config(5):

    Only a subset of keywords may be used on the lines following a
    Match keyword. Available keywords are AllowTcpForwarding,
    Banner, ChrootDirectory, ForceCommand, GatewayPorts,
    GSSAPIAuthentication, HostbasedAuthentication,
    KbdInteractiveAuthentication, KerberosAuthentication,
    MaxAuthTries, MaxSessions, PasswordAuthentication, PermitOpen,
    PermitRootLogin, RhostsRSAAuthentication, RSAAuthentication,
    X11DisplayOffset, X11Forwarding, and X11UseLocalHost.

Apparently, AllowAgentForwarding is also allowed there.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.27 Debian configuration management sy
ii dpkg 1.15.3.1 Debian package management system
ii libc6 2.9-12 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libgssapi-krb5-2 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries
ii libpam-modules 1.0.1-9 Pluggable Authentication Modules f
ii libpam-runtime 1.0.1-9 Runtime support for the PAM librar
ii libpam0g 1.0.1-9 Pluggable Authentication Modules l
ii libselinux1 2.0.82-1 SELinux shared libraries
ii libssl0.9.8 0.9.8k-3 SSL shared libraries
ii libwrap0 7.6.q-18 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-client 1:5.1p1-6 secure shell client, an rlogin/rsh
ii procps 1:3.2.8-1 /proc file system utilities
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.3-2 X authentication utility
Versions of packages openssh-server suggests:
pn molly-guard <none> (no description available)
pn rssh <none> (no description available)
pn ssh-askpass <none> (no description available)
pn ufw <none> (no description available)
-- debconf information:
ssh/vulnerable_host_keys:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
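
The gap reported above matters for configuration audits: a checker built from the documented keyword list flags a per-group AllowAgentForwarding override that, according to the report, sshd accepts. The following is an added example, not part of the original report or of OpenSSH; the function name `audit_match_blocks` and the sample configuration are constructed for illustration.

```python
import re

# Keywords documented as valid after Match, as quoted from sshd_config(5) in the report.
DOCUMENTED_MATCH_KEYWORDS = {k.lower() for k in (
    "AllowTcpForwarding", "Banner", "ChrootDirectory", "ForceCommand", "GatewayPorts",
    "GSSAPIAuthentication", "HostbasedAuthentication", "KbdInteractiveAuthentication",
    "KerberosAuthentication", "MaxAuthTries", "MaxSessions", "PasswordAuthentication",
    "PermitOpen", "PermitRootLogin", "RhostsRSAAuthentication", "RSAAuthentication",
    "X11DisplayOffset", "X11Forwarding", "X11UseLocalHost",
)}

# Constructed sample configuration (not taken from the report).
SAMPLE_CONFIG = """\
# global section
AllowAgentForwarding yes
X11Forwarding no

Match Group contractors
    AllowAgentForwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Match User backup
    PasswordAuthentication no
"""

def audit_match_blocks(text):
    """Return (line_no, match_criteria, keyword) for every keyword used inside
    a Match block that is absent from DOCUMENTED_MATCH_KEYWORDS."""
    findings = []
    current_match = None  # None while still in the global section
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0]
        if keyword.lower() == "match":
            current_match = parts[1] if len(parts) > 1 else ""
        elif current_match is not None and keyword.lower() not in DOCUMENTED_MATCH_KEYWORDS:
            findings.append((line_no, current_match, keyword))
    return findings

if __name__ == "__main__":
    for line_no, criteria, keyword in audit_match_blocks(SAMPLE_CONFIG):
        print(f"line {line_no}: {keyword} under 'Match {criteria}' is not in the documented list")
```

A finding from this check means the override should be confirmed against the installed sshd rather than rejected on the strength of the man page alone.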